Understanding the Basics of Intrusion Detection Systems for Networks

In today's digital era, network security is more important than ever. One effective way to protect your network from potential threats is to use an intrusion detection system (IDS). This beginner's guide gives you a thorough understanding of what an IDS is, its role in network security, and how it can help protect your network from unauthorized access and malicious activity.

What is an Intrusion Detection System (IDS)?

An Intrusion Detection System (IDS) is a security tool that monitors network traffic and detects unauthorized or malicious activity. It works by analysing network packets and comparing them against a database of known attack signatures or abnormal behaviour patterns. When an intrusion is detected, the IDS can raise an alert or take action to mitigate the threat. An IDS can be host-based, monitoring activity on a specific device, or network-based, monitoring network traffic. By using an IDS, organizations can detect and respond to potential security breaches, helping to protect their network from unauthorized access and malicious activity.

Types of IDS: Network-based vs. Host-based.

Two main types of Intrusion Detection Systems (IDS) exist: network-based IDS and host-based IDS.

A network-based IDS monitors network traffic and analyses packets to detect suspicious or malicious activity. It can detect unauthorized access attempts, network scans, and unusual behaviour patterns that may indicate an intrusion. A network-based IDS can be placed at various points in the network, such as the perimeter, inside the internal network, or on critical network segments.

On the other hand, a host-based IDS focuses on monitoring activity on a specific device or host. It analyses system logs, file integrity, and user activity to detect signs of intrusion or compromise. A host-based IDS can provide detailed information about the activity occurring on a specific device, making it useful for detecting insider threats or targeted attacks.

Both network-based and host-based IDS have their advantages and limitations. A network-based IDS can provide broad visibility across the network and detect attacks that a host-based IDS might miss. However, it may not be able to inspect encrypted traffic or activity inside an encrypted channel. A host-based IDS, on the other hand, can provide detailed information about specific devices but may be unable to detect attacks that take place outside the monitored host.

Organizations often deploy a combination of network-based and host-based IDS to achieve complete security monitoring. This allows them to detect and respond to a wide range of threats and ensure the overall security of their network.

How an IDS works: Detection methods and techniques.

Intrusion Detection Systems (IDS) use various methods and techniques to detect potential threats and intrusions in a network. These methods fall into two main categories: signature-based detection and anomaly-based detection.

Signature-based detection involves comparing network traffic or system activity against a database of known attack signatures. These signatures are patterns or behaviours associated with specific types of attack. When a match is found, the IDS raises an alert or takes appropriate action to mitigate the threat.

Anomaly-based detection, on the other hand, focuses on detecting deviations from normal behaviour. It establishes a baseline of normal network or system activity and then monitors for any anomalies or deviations from that baseline. This method helps detect new or unknown attacks that may not yet have a known signature.

An IDS can also use a combination of these two detection methods, known as hybrid detection. This approach leverages the strengths of both signature-based and anomaly-based detection to provide more complete and accurate detection.
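The three approaches just described (signature-based, anomaly-based and hybrid) can be shown side by side on a small log. The block below is an added example written for this article, not code from the article or from any IDS product. Everything in it is an assumption made for the demonstration: the log format (`time src_ip dst_port payload`), the two rule names, the use of "distinct destination ports per source" as the anomaly feature, the split into a clean training log and a live log, and the `k = 3` standard-deviation threshold.

```python
"""Signature-based, anomaly-based and hybrid detection over constructed logs.

Added example, not code from the original article. The log format, rule
names, training/live split and the k=3 threshold are all assumptions.
"""
import re
import statistics
from collections import defaultdict

# Constructed log format: "<time> <src_ip> <dst_port> <payload summary>".
# TRAINING_LOG is assumed to be clean traffic and is used only to learn the baseline.
TRAINING_LOG = """\
09:00:01 10.0.0.5 443 GET /index.html
09:00:02 10.0.0.7 443 GET /about
09:00:03 10.0.0.5 80 GET /login
09:00:04 10.0.0.9 22 SSH-2.0-OpenSSH
09:00:05 10.0.0.7 443 POST /login
09:00:06 10.0.0.9 443 GET /index.html
09:00:07 10.0.0.11 443 GET /index.html
09:00:08 10.0.0.12 443 GET /index.html
"""

# LIVE_LOG is the traffic being inspected; it contains one request matching a
# known signature and one source touching many ports (a constructed scan).
LIVE_LOG = """\
10:00:01 10.0.0.5 443 GET /index.html
10:00:02 10.0.0.7 443 GET /search?q=1 UNION SELECT name FROM users
10:00:03 10.0.0.9 22 SSH-2.0-OpenSSH
10:00:04 10.0.0.13 443 GET /index.html
10:00:05 10.0.0.13 22 -
10:00:05 10.0.0.13 445 -
10:00:05 10.0.0.13 3389 -
10:00:05 10.0.0.13 21 -
10:00:06 10.0.0.5 80 GET /login
"""

# Signature database: (rule name, pattern applied to the payload field).
SIGNATURES = [
    ("sqli-union-select", re.compile(r"union\s+select", re.IGNORECASE)),
    ("path-traversal", re.compile(r"\.\./")),
]


def parse_log(text):
    """Turn the constructed log lines into event dicts."""
    events = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        ts, src, port, payload = raw.split(" ", 3)
        events.append({"time": ts, "src": src, "port": int(port),
                       "payload": payload, "raw": raw})
    return events


def signature_detect(events, rules=SIGNATURES):
    """Signature-based: flag every event whose payload matches a known pattern."""
    alerts = []
    for ev in events:
        for name, pattern in rules:
            if pattern.search(ev["payload"]):
                alerts.append({"method": "signature", "rule": name,
                               "src": ev["src"], "line": ev["raw"]})
    return alerts


def distinct_ports_per_source(events):
    """Baseline feature: how many distinct destination ports each source touches."""
    ports = defaultdict(set)
    for ev in events:
        ports[ev["src"]].add(ev["port"])
    return {src: len(p) for src, p in ports.items()}


def build_baseline(events):
    """Anomaly-based, step 1: learn what 'normal' looks like from clean traffic."""
    counts = list(distinct_ports_per_source(events).values())
    return {"mean": statistics.mean(counts), "stdev": statistics.pstdev(counts)}


def anomaly_detect(events, baseline, k=3.0):
    """Anomaly-based, step 2: flag sources more than k standard deviations above normal.

    k is the tuning knob: lowering it flags more sources (more false positives),
    raising it lets quieter deviations through (more false negatives).
    """
    threshold = baseline["mean"] + k * baseline["stdev"]
    return [{"method": "anomaly", "src": src, "distinct_ports": n, "threshold": threshold}
            for src, n in distinct_ports_per_source(events).items() if n > threshold]


def hybrid_detect(training_log, live_log, k=3.0):
    """Hybrid: run both detectors over the live log and merge their alerts."""
    baseline = build_baseline(parse_log(training_log))
    live = parse_log(live_log)
    return signature_detect(live) + anomaly_detect(live, baseline, k)


if __name__ == "__main__":
    for alert in hybrid_detect(TRAINING_LOG, LIVE_LOG):
        print(alert)
```

Run as written, the signature detector fires once (the `UNION SELECT` request from 10.0.0.7) and the anomaly detector fires once (10.0.0.13 touches five ports against a baseline mean of 1.4). Note that neither detector alone would have caught both: the scan carries no payload for a signature to match, and the injection request comes from a source whose port usage is perfectly normal. That is the argument for hybrid detection in one picture.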

In addition to these detection methods, an IDS uses various techniques to monitor and analyse network traffic or system activity. These techniques include packet capture and analysis, log analysis, protocol analysis, and behavioural analysis. Each technique provides valuable information about the network or system and helps detect potential threats or intrusions.

An IDS plays a critical role in network security by continuously monitoring and analysing network traffic or system activity to detect and respond to potential threats. By understanding how an IDS works and the different detection methods and techniques it uses, organizations can better protect their networks from malicious activity.

Benefits of using an IDS.

There are several benefits to using an Intrusion Detection System (IDS) to protect your network.

First, an IDS can provide real-time monitoring and detection of potential threats. It continuously analyses network traffic or system activity, allowing you to quickly detect and respond to any suspicious or malicious behaviour. This proactive approach helps minimize the impact of an attack and prevent further damage to the network.

Second, an IDS can help identify and mitigate new or unknown attacks. Signature-based detection may be ineffective against zero-day attacks or attacks that have not yet been observed and added to the signature database. Anomaly-based detection, however, can detect deviations from normal behaviour and flag these new or unknown attacks.

Third, an IDS can provide valuable insight into the network or system. By analysing network traffic or system activity, an IDS can identify vulnerabilities, misconfigurations, or other security weaknesses that attackers could exploit. This information can be used to strengthen network defences and improve overall security.

Furthermore, an IDS can help with regulatory compliance. Many industries have security regulations and standards that organizations must follow. By using an IDS, organizations can demonstrate their commitment to security and meet these compliance requirements.

Finally, an IDS can assist with incident response and forensic analysis. In the event of a security breach or incident, an IDS can provide detailed logs and information about the attack, helping organizations understand what happened and take appropriate steps to prevent future incidents.

Overall, using an IDS can significantly improve the security of your network by providing real-time monitoring, detecting new or unknown attacks, identifying vulnerabilities, supporting compliance, and assisting with incident response and analysis.

Best practices for implementing and managing an IDS.

Implementing and managing an Intrusion Detection System (IDS) requires careful planning and adherence to best practices. Here are some key tips to consider:

1. Define your objectives: Clearly state your goals and objectives for implementing an IDS. This will guide your decision-making and ensure the system meets your needs.

2. Choose the right IDS solution: Various IDS solutions are available, each with its own features and capabilities. Evaluate the different options and choose the one that best fits your network environment and security requirements.

3. Keep signatures and rules updated: IDS systems rely on rules and signatures to detect known threats. It is important to update these signatures regularly to stay protected against emerging threats. Consider automating this process to ensure timely updates.

4. Tune your IDS: Tailor your IDS to your specific network environment. Adjust sensitivity levels, thresholds, and rules to reduce false positives and false negatives. Regularly review and fine-tune these settings to improve the system's performance.

5. Monitor and analyse alerts: Monitor and analyse the alerts generated by your IDS. Investigate any suspicious activity promptly and take appropriate action to mitigate potential threats. Regularly review and analyse the data collected by the IDS to identify patterns or trends that may indicate an ongoing attack or a vulnerability.

6. Integrate with other security tools: Consider integrating your IDS with other security tools, such as firewalls, SIEM (Security Information and Event Management) systems, or threat intelligence platforms. This integration can enhance your overall security posture and provide a comprehensive view of your network security.

7. Train your staff: Ensure your IT and security teams are trained to use and manage the IDS properly. This includes understanding alerts, interpreting data, and responding to incidents. Regular training and knowledge-sharing sessions can help keep your team up to date with current threats and best practices.

8. Regularly review and update your IDS: Periodically assess the performance of your IDS and make any necessary adjustments or upgrades. As new threats emerge and your network evolves, it is important to ensure your IDS remains effective and up to date.

By following these best practices, you can maximize the effectiveness of your IDS and better protect your network from potential threats.